From 6b604a1b0289e5e7211c2e5f8c4f395f51de7c3d Mon Sep 17 00:00:00 2001
From: Ian Rogers
Date: Thu, 25 Sep 2014 15:35:37 -0700
Subject: Fix Class::IsInSamePackage to not read beyond the end of a StringPiece.

Fix length of string piece to be size_type rather than int because expecting negatively sized strings is a bad idea and we should use unsigned types to defensively guard against mistakes. Remove max_size and capacity since the return type is inconsistent between Google and the STL, and we don't need the functions. Add a bound check in libartd to operator[] accesses.

Change-Id: I1b87a03d8fbd95e7dbb106745e304d1083898075
---
runtime/mirror/art_method.cc | 4 ++--
runtime/mirror/class.cc | 3 ++-
2 files changed, 4 insertions(+), 3 deletions(-)
(limited to 'runtime/mirror')

diff --git a/runtime/mirror/art_method.cc b/runtime/mirror/art_method.cc
index 159d04d..787c767 100644
--- a/runtime/mirror/art_method.cc
+++ b/runtime/mirror/art_method.cc
@@ -105,9 +105,9 @@ void ArtMethod::SetDexCacheResolvedTypes(ObjectArray* new_dex_cache_class
 }

 size_t ArtMethod::NumArgRegisters(const StringPiece& shorty) {
- CHECK_LE(1, shorty.length());
+ CHECK_LE(1U, shorty.length());
 uint32_t num_registers = 0;
- for (int i = 1; i < shorty.length(); ++i) {
+ for (size_t i = 1; i < shorty.length(); ++i) {
 char ch = shorty[i];
 if (ch == 'D' || ch == 'J') {
 num_registers += 2;
diff --git a/runtime/mirror/class.cc b/runtime/mirror/class.cc
index 0ee8fa8..3fcb188 100644
--- a/runtime/mirror/class.cc
+++ b/runtime/mirror/class.cc
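Review bot: `CHECK_LE(1U, shorty.length())` reads backwards for what it asserts and needs the unsigned literal only to satisfy the comparison; `CHECK(!shorty.empty());` states the non-empty precondition directly. The loop's start at index 1 is also unexplained in the hunk; a comment such as `// Argument characters start at shorty[1]; index 0 is skipped.` would help, spelling out what index 0 holds if that is documented elsewhere (presumably the return type, but the hunk does not show it). With `i` now `size_t` and bounded by `shorty.length()`, the `shorty[i]` access is in range in release builds too, not only under the libartd operator[] check the commit message mentions. NumArgRegisters continues past the end of the hunk; the non-wide branch and the return value are not visible here.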
@@ -294,7 +294,8 @@ void Class::SetReferenceInstanceOffsets(uint32_t new_reference_offsets) {
 bool Class::IsInSamePackage(const StringPiece& descriptor1,
 const StringPiece& descriptor2) {
 size_t i = 0;
- while (descriptor1[i] != '\0' && descriptor1[i] == descriptor2[i]) {
+ size_t min_length = std::min(descriptor1.size(), descriptor2.size());
+ while (i < min_length && descriptor1[i] == descriptor2[i]) {
 ++i;
 }
 if (descriptor1.find('/', i) != StringPiece::npos ||
-- cgit v1.1
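Review bot: The new loop has no comment explaining why it is bounded by `min_length` rather than a terminator, and a future reader could easily reintroduce the `'\0'` sentinel this commit removes; a line such as `// Common-prefix length: a StringPiece is not NUL-terminated, so bound by both sizes.` above `size_t min_length = ...` would pin the reason. `std::min` needs `<algorithm>`, and the include block is outside this hunk, so confirm class.cc includes it directly rather than relying on a transitive include. When one descriptor is a prefix of the other the loop leaves `i == min_length`, and the `find('/', i)` on the last visible line should then yield npos for the shorter descriptor, which is the intended result; worth a unit test if none covers it. IsInSamePackage continues past the end of the hunk, so the package-separator comparison is only partly visible here.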